17 matches found
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...
org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:azure__msal-node (=1.5.0) +7 more potentially affected by CVE-2025-65945 via org.webjars.npm:jws (>=3.2.2 <=4.0.0)
org.webjars.npm:jws MAVEN version =3.2.2, =1.6.1, =2.3.2, =5.5.4, =0.0.1, =1.0.0 Source cves: CVE-2025-65945 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14188254...
Malicious code in grpc-js-repository (npm)
MAL-2025-2880 Malicious code in grpc-js-repository (npm)
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.17 and earlier
Summary: This fix upgrades to WebSphere Liberty 24.0.0.6, socket.io 3.0.2, and grpc-js 1.8.22. WebSphere Liberty is used by the IBM Answer Retrieval for Watson Discovery swagger microservice. Socket.io and grpc-js are used by the IBM Answer Retrieval for Watson Discovery user interfaces for...
Denial Of Service (DoS)
@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks because messages that exceed the grpc.max_receive_message_length are buffered or decompressed in entirety before being discarded, which can result in DoS...
GHSA-7V5V-9H63-CJ86 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
Impact: There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an...
@a11ywatch/core (=0.8.13), @a11ywatch/mav (>=0.7.17 <=0.7.27) +55 more potentially affected by CVE-2024-37168 via @grpc/grpc-js (>=1.9.0 <=1.9.14)
@grpc/grpc-js NPM version =1.9.0, =0.7.17, =0.61.0, =1.61.0, =0.0.5, =0.0.6, =0.0.8, =0.0.11, =0.0.5, =1.0.1, =0.6.0, =0.1.11, =0.1.21 and more Source cves: CVE-2024-37168 Source advisory: OSV:GHSA-7V5V-9H63-CJ86...
CVE-2024-37168
CVE-2024-37168 affects @grpc/grpc-js (pure JavaScript implementation of gRPC). Before the fixes, two code paths could buffer or decompress messages that exceed grpc.max_receive_message_length, potentially causing memory allocation in excess of the limit. This could occur when a message arrives la...
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...
Prototype Pollution
Overview: "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation: Upgrade to version 1.1.8 or later. References: CVE, GitHub Advisory...
Prototype pollution in grpc and @grpc/grpc-js
"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."...
CVE-2020-7768
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...
Design/Logic Flaw
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...
CVE-2020-7768 Prototype Pollution
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...
PT-2020-19780 · Grpc · Grpc +1
Name of the Vulnerable Software and Affected Versions: grpc versions prior to 1.24.4; @grpc/grpc-js versions prior to 1.1.8. Description: The issue concerns Prototype Pollution via loadPackageDefinition. This affects the grpc and @grpc/grpc-js packages. Recommendations: For grpc versions prior to...